App Watch: Facial Recognition, Friend or Foe?


With facial recognition technology all the rage, it’s fitting, in an eponymous way that Facebook is advancing the art with its recent acquisition of for the startup’s Klik, a recently updated app that makes tagging friends in photos that much easier.

But no sooner was the deal done than vulnerability in the app was discovered that allowed users to access each others’ Facebook and Twitter accounts. Now corrected, it resulted from storing Facebook and Twitter OAuth tokens, unique authentication keys, on its servers insecurely, said Ashkan Soltani, an independent security researcher who reportedly discovered the breach and posted the story here.

The incident highlights growing concerns about privacy issues associated with facial recognition technologies, including accessibility to private photos, friend lists, or bogus status updates and tweets posted via user’s names.

According to, “An attacker could hijack a popular user’s account ‚ like Lady Gaga’s, had she used KLIK — and build face prints for their millions of Facebook friends. Then they could match those in real time to people walking down the street.”

Solutions to mitigate the invasive powers of facial recognition technologies range from policy proposals to counter-apps such as FaceLock for Apps. “The free version allows users to lock Settings, Play Store, Task Manager, and one application of choice. While this is by no means a way of completely securing your device, it’s a pretty cool way of preventing access to specific device features.

“Once the app is trained to recognize your face, any protected app will automatically initiate your front facing camera (which is a requirement for this app, for obvious reasons). Should your face not be recognised, it will ask you for the pin/password you set as a failsafe.”[more]

The basics of facial recognition technology have been around for 30 years, but mobile and social are revolutionizing the field while digital photography and cloud computing capabilities are creating a brave new world of imaging and tagging.

While Facebook enables users to stop friends from tagging their photos and allow facial recognition to people within their network, those settings are on by default and the potential data yield is exponential.

A Carnegie Mellon report last year revealed that researchers could identify students on campus from photos more than 30% of the time, using off-the-shelf facial recognition software and publicly accessible Facebook data, and that similar techniques enabled the accurate deduction of the first five numbers of students’ Social Security numbers, reports

“Knowledge of the first five digits of a target victim is sufficient for effective, brute force identity-theft attacks,” the report said, authored by Alessandro Acquisti, associate professor at Carnegie Mellon. “If you start combining all these public databases together, you can end up with very sensitive information just from a face,” he said.

Acquisti suggested a “Do Not Identify” preference to accompany the “Do Not Track” option for browsers, concluding, “I do feel concerned about it, but I do not have a good answer. The genie is out of the bottle.”

On the positive side, the Metropolitan Police in London have uploaded close to 3,000 CCTV images of people from riots last August via a free Facewatch ID app which sorts photos via postal codes.

“The technology and its secure database system were made available by Facewatch to all UK police forces and officials say it will soon link to the Facewatch business crime reporting system, already available to businesses in London.”

For sheer facial recognition whimsy, UKTV just launched a Facebook app that performs a personalized magic trip to promote its upcoming series Dynamo: Magician Impossible, which debuts on July 5th.

The app was created by Red Bee Media, and Ruth Shabi, Group Creative Director commented, “The immersive experience blurs the boundaries between magic and technology and delivers a truly personal and highly engaging experience. It’s the first time that the power of social media has been used in a close up magic trick.”

Magic or mayhem, faceprinting may soon displace the classic Shakespearean adage, “What’s in a name? That which we call a rose by any other name would smell as sweet.”